UbuntuUpdates.org

Package "needrestart"

Name: needrestart

Description: check which daemons need to be restarted after library upgrades

Latest version: 3.5-5ubuntu2.2
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: https://github.com/liske/needrestart


Other versions of "needrestart" in Jammy

Repository  Area  Version
base        main  3.5-5ubuntu2
security    main  3.5-5ubuntu2.2

Changelog

Version: 3.5-5ubuntu2.2 2024-11-19 20:06:48 UTC

  needrestart (3.5-5ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect usage of PYTHONPATH environment variable
    - debian/patches/CVE-2024-48990.patch: chdir to a clean directory
      to avoid loading arbitrary objects, sanitize PYTHONPATH before
      spawning a new python interpreter
    - CVE-2024-48990
  * SECURITY UPDATE: race condition for checking path to python
    - debian/patches/CVE-2024-48991.patch: sync path for both check
      and usage for python interpreter
    - CVE-2024-48991
  * SECURITY UPDATE: incorrect usage of RUBYLIB environment variable
    - debian/patches/CVE-2024-48992.patch: chdir to a clean directory
      to avoid loading arbitrary objects, sanitize RUBYLIB before
      spawning a new ruby interpreter
    - CVE-2024-48992
  * SECURITY UPDATE: incorrect usage of Perl ScanDeps
    - debian/patches/CVE-2024-11003.patch: remove usage of ScanDeps
      to avoid parsing arbitrary code
    - CVE-2024-11003

 -- Sudhakar Verma <email address hidden> Mon, 18 Nov 2024 13:51:23 +0530

CVE-2024-48990 Qualys discovered that needrestart, before version 3.8, allows local a ...
CVE-2024-48991 Qualys discovered that needrestart, before version 3.8, allows local a ...
CVE-2024-48992 Qualys discovered that needrestart, before version 3.8, allows local a ...
CVE-2024-11003 Qualys discovered that needrestart, before version 3.8, passes unsanit ...

Version: 3.5-5ubuntu2.1 2022-05-17 19:06:31 UTC

  needrestart (3.5-5ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via unanchored regexes
    - debian/patches/CVE-2022-30688.patch: improve regexes in
      perl/lib/NeedRestart/Interp/Perl.pm,
      perl/lib/NeedRestart/Interp/Python.pm,
      perl/lib/NeedRestart/Interp/Ruby.pm.
    - CVE-2022-30688

 -- Marc Deslauriers <email address hidden> Mon, 16 May 2022 07:08:25 -0400

CVE-2022-30688 local privilege escalation


